-rw-r--r-- | interface-definitions/l2tp-server.xml | 40 | ||||
-rwxr-xr-x | src/conf_mode/accel_l2tp.py | 52 |
2 files changed, 91 insertions, 1 deletions
diff --git a/interface-definitions/l2tp-server.xml b/interface-definitions/l2tp-server.xml index d5b6a921b..721913dfe 100644 --- a/interface-definitions/l2tp-server.xml +++ b/interface-definitions/l2tp-server.xml @@ -67,6 +67,19 @@ </leafNode> </children> </node> + <leafNode name="dnsv6-servers"> + <properties> + <help>IPv6 Domain Name Service (DNS) server</help> + <valueHelp> + <format>ipv6</format> + <description>IPv6 DNS address</description> + </valueHelp> + <constraint> + <validator name="ipv6-address"/> + </constraint> + <multi /> + </properties> + </leafNode> <node name="lns"> <properties> <help>L2TP Network Server (LNS)</help> @@ -255,6 +268,33 @@ </leafNode> </children> </node> + <node name="client-ipv6-pool"> + <properties> + <help>Pool of client IPv6 addresses</help> + </properties> + <children> + <leafNode name="prefix"> + <properties> + <help>IPV6 prefix delegation</help> + <valueHelp> + <format>ipv6prefix/mask,prefix_len</format> + <description>e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients</description> + </valueHelp> + <multi /> + </properties> + </leafNode> + <leafNode name="delegate-prefix"> + <properties> + <help>DHCPv6 prefix delegation - rfc3633</help> + <valueHelp> + <format>ipv6prefix/mask,prefix_len</format> + <description>Delegate to clients through DHCPv6 prefix delegation - rfc3633</description> + </valueHelp> + <multi /> + </properties> + </leafNode> + </children> + </node> <leafNode name="description"> <properties> <help>Description for L2TP remote-access settings</help> diff --git a/src/conf_mode/accel_l2tp.py b/src/conf_mode/accel_l2tp.py index 3a224974e..3af8b7958 100755 --- a/src/conf_mode/accel_l2tp.py +++ b/src/conf_mode/accel_l2tp.py @@ -53,6 +53,9 @@ radius {% endif -%} ippool shaper +ipv6pool +ipv6_nd +ipv6_dhcp [core] thread-count={{thread_cnt}} 
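Review bot: The new `prefix` and `delegate-prefix` leaf nodes under `client-ipv6-pool` carry only `<valueHelp>` and no `<constraint>`, unlike `dnsv6-servers` in the previous hunk, which uses `<validator name="ipv6-address"/>`. Their values are read with `c.return_values(...)` and written verbatim into the `[ipv6-pool]` section (`{{prfx}}` and `delegate={{prfx}}`) by the `accel_l2tp.py` hunks later in this diff. The added `verify()` checks only test that `prefix` is present and count the DNS servers, so a mistyped or crafted value reaches the daemon's config file unchecked. Add a `<constraint>` matching the documented `ipv6prefix/mask,prefix_len` shape to both nodes, or reject non-matching entries in `verify()` with a `ConfigError`.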
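Review bot: `ipv6pool`, `ipv6_nd` and `ipv6_dhcp` are added to the module list unconditionally, while the other IPv6 template additions in this file are gated on `client_ipv6_pool` or `dnsv6`. On servers with no IPv6 pool configured this loads the ND and DHCPv6 modules without need; whether accel-ppp keeps them inert without `ipv6=allow` is not visible from this diff. Consider placing `{% if client_ipv6_pool %}` before `ipv6pool` and `{% endif %}` after `ipv6_dhcp`. The template string starts and ends outside this hunk.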
@@ -72,6 +75,13 @@ dns2={{dns[1]}} {% endif %} {% endif -%} +{% if dnsv6 %} +[ipv6-dns] +{% for srv in dnsv6: %} +{{srv}} +{% endfor %} +{% endif %} + {% if wins %} [wins] {% if wins[0] %} @@ -127,6 +137,9 @@ lcp-echo-interval=30 {% if ccp_disable %} ccp=0 {% endif %} +{% if client_ipv6_pool %} +ipv6=allow +{% endif %} {% if authentication['mode'] == 'radius' %} [radius] @@ -159,6 +172,21 @@ gw-ip-address={{outside_nexthop}} verbose=1 {% endif -%} +{% if client_ipv6_pool %} +[ipv6-pool] +{% for prfx in client_ipv6_pool.prefix: %} +{{prfx}} +{% endfor %} +{% for prfx in client_ipv6_pool.delegate_prefix: %} +delegate={{prfx}} +{% endfor %} +{% endif %} + +{% if client_ipv6_pool['delegate_prefix'] %} +[ipv6-dhcp] +verbose=1 +{% endif %} + {% if authentication['radiusopt']['shaper'] %} [shaper] verbose=1 @@ -170,6 +198,7 @@ vendor={{authentication['radiusopt']['shaper']['vendor']}} [cli] tcp=127.0.0.1:2004 +sessions-columns=ifname,username,calling-sid,ip,{{ip6_column}}{{ip6_dp_column}}rate-limit,type,comp,state,rx-bytes,tx-bytes,uptime ''' @@ -250,10 +279,14 @@ def get_config(): 'outside_addr' : '', 'outside_nexthop' : '', 'dns' : [], + 'dnsv6' : [], 'wins' : [], 'client_ip_pool' : None, 'client_ip_subnets' : [], - 'mtu' : '1436', + 'client_ipv6_pool' : {}, + 'mtu' : '1436', + 'ip6_column' : '', + 'ip6_dp_column' : '', } ### general options ### @@ -262,6 +295,9 @@ def get_config(): config_data['dns'].append( c.return_value('dns-servers server-1')) if c.exists('dns-servers server-2'): config_data['dns'].append( c.return_value('dns-servers server-2')) + if c.exists('dnsv6-servers'): + for dns6_server in c.return_values('dnsv6-servers'): + config_data['dnsv6'].append(dns6_server) if c.exists('wins-servers server-1'): config_data['wins'].append( c.return_value('wins-servers server-1')) if c.exists('wins-servers server-2'): 
@@ -369,6 +405,13 @@ def get_config(): if c.exists('client-ip-pool subnet'): config_data['client_ip_subnets'] = c.return_values('client-ip-pool subnet') + if c.exists('client-ipv6-pool prefix'): + config_data['client_ipv6_pool']['prefix'] = c.return_values('client-ipv6-pool prefix') + config_data['ip6_column'] = 'ip6,' + if c.exists('client-ipv6-pool delegate-prefix'): + config_data['client_ipv6_pool']['delegate_prefix'] = c.return_values('client-ipv6-pool delegate-prefix') + config_data['ip6_dp_column'] = 'ip6-dp,' + if c.exists('mtu'): config_data['mtu'] = c.return_value('mtu') @@ -424,6 +467,13 @@ def verify(c): #raise ConfigError('set vpn l2tp remote-access outside-nexthop required') print ("WARMING: set vpn l2tp remote-access outside-nexthop required") + ## check ipv6 + if 'delegate_prefix' in c['client_ipv6_pool'] and not 'prefix' in c['client_ipv6_pool']: + raise ConfigError("\"set vpn l2tp remote-access client-ipv6-pool prefix\" required for delegate-prefix ") + + if len(c['dnsv6']) > 3: + raise ConfigError("Maximum allowed dnsv6-servers addresses is 3") + def generate(c): if c == None: return None |
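Review bot: In the added ipv6 check in `verify()`, `not 'prefix' in c['client_ipv6_pool']` is easier to read as `'prefix' not in c['client_ipv6_pool']`. The `ConfigError` text for that check also ends with a stray space before the closing quote. A one-line comment such as `# delegate-prefix is only usable when clients also get an address from 'prefix'` would say why the dependency exists, if that is the intent. `verify()` begins outside this hunk.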